Skip to content

Commit

Permalink
Merge branch 'main' into ali/add-system-installed-files-pkg
Browse files Browse the repository at this point in the history
  • Loading branch information
@AliDatadog
AliDatadog committed Aug 16, 2023
2 parents 3c2c22f + 6f03c79 commit 79a64d0
Show file tree
Hide file tree
Showing 8 changed files with 91 additions and 28 deletions.
2 changes: 2 additions & 0 deletions ci/deploy-deb.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,12 +7,14 @@ cd trivy-repo/deb

for release in ${DEBIAN_RELEASES[@]} ${UBUNTU_RELEASES[@]}; do
echo "Removing deb package of $release"
reprepro -A i386 remove $release trivy
reprepro -A amd64 remove $release trivy
reprepro -A arm64 remove $release trivy
done

for release in ${DEBIAN_RELEASES[@]} ${UBUNTU_RELEASES[@]}; do
echo "Adding deb package to $release"
reprepro includedeb $release ../../dist/*Linux-32bit.deb
reprepro includedeb $release ../../dist/*Linux-64bit.deb
reprepro includedeb $release ../../dist/*Linux-ARM64.deb
done
Expand Down
2 changes: 1 addition & 1 deletion docs/docs/scanner/vulnerability/language/index.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@
| | go.mod[^6] | - | - ||| included | - |
| [Rust](rust.md) | Cargo.lock ||||| excluded ||
| | Binaries built with [cargo-auditable](https://github.com/rust-secure-code/cargo-auditable) ||| - | - | excluded | - |
| C/C++ | conan.lock[^12] | - | - ||| excluded | - |
| C/C++ | conan.lock[^12] | - | - ||| excluded | |
| Elixir | mix.lock[^12] | - | - ||| excluded ||
| Dart | pubspec.lock | - | - ||| included | - |

Expand Down
5 changes: 3 additions & 2 deletions docs/tutorials/additional-resources/community.md
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,10 @@
# Community References
Below is a list of additional resources from the community.

## Vulnderability Scanning
## Vulnerability Scanning

- [Detecting Spring4Shell with Trivy and Grype](https://youtu.be/mOfBcpJWwSs)
- [Scan OS of your EC2 instances with Trivy](https://pabis.eu/blog/2023-05-01-Scan-Instances-With-Trivy.html)

## CI/CD Pipelines

Expand Down Expand Up @@ -34,4 +35,4 @@ Below is a list of additional resources from the community.
### Evaluations

- [Istio evaluating to use Trivy](https://github.com/istio/release-builder/pull/687#issuecomment-874938417)
- [Research Spike: evaluate Trivy for scanning running containers](https://gitlab.com/gitlab-org/gitlab/-/issues/270888)
- [Research Spike: evaluate Trivy for scanning running containers](https://gitlab.com/gitlab-org/gitlab/-/issues/270888)
12 changes: 6 additions & 6 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ require (
github.com/alicebob/miniredis/v2 v2.30.4
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
github.com/aquasecurity/defsec v0.91.1
github.com/aquasecurity/go-dep-parser v0.0.0-20230803125501-bd9cf68d8636
github.com/aquasecurity/go-dep-parser v0.0.0-20230816082938-c86bfd152132
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46
Expand Down Expand Up @@ -98,8 +98,8 @@ require (
golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
golang.org/x/mod v0.12.0
golang.org/x/sync v0.3.0
golang.org/x/term v0.10.0
golang.org/x/text v0.11.0
golang.org/x/term v0.11.0
golang.org/x/text v0.12.0
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2
google.golang.org/protobuf v1.31.0
gopkg.in/yaml.v3 v3.0.1
Expand Down Expand Up @@ -356,10 +356,10 @@ require (
go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
go.uber.org/atomic v1.10.0 // indirect
go.uber.org/multierr v1.9.0 // indirect
golang.org/x/crypto v0.11.0 // indirect
golang.org/x/net v0.12.0 // indirect
golang.org/x/crypto v0.12.0 // indirect
golang.org/x/net v0.14.0 // indirect
golang.org/x/oauth2 v0.7.0 // indirect
golang.org/x/sys v0.10.0 // indirect
golang.org/x/sys v0.11.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.10.0 // indirect
google.golang.org/api v0.121.0 // indirect
Expand Down
24 changes: 12 additions & 12 deletions go.sum
View file
Original file line number Diff line number Diff line change
Expand Up @@ -323,8 +323,8 @@ github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8=
github.com/aquasecurity/defsec v0.91.1 h1:dBIPm6Tva9I+ZTQv+6t9wob3ZlMSu8NFqMJr4mgJC5A=
github.com/aquasecurity/defsec v0.91.1/go.mod h1:l/srzxtuuyb6c6FlqUvMp3xw2ZbvuZ0l9972MNJM7V8=
github.com/aquasecurity/go-dep-parser v0.0.0-20230803125501-bd9cf68d8636 h1:8f/1XPe9xcd8BkXU0LfQXNKmlCUB957674usf+Y/af0=
github.com/aquasecurity/go-dep-parser v0.0.0-20230803125501-bd9cf68d8636/go.mod h1:Cl6aYro+Ddzh1MB451j/C6rvwKdn/Ifa7z98sFirJ9I=
github.com/aquasecurity/go-dep-parser v0.0.0-20230816082938-c86bfd152132 h1:SiiJwsijT2zgXJLGAPc5xXYH6QAnZjfsegm6vi2h/qo=
github.com/aquasecurity/go-dep-parser v0.0.0-20230816082938-c86bfd152132/go.mod h1:0+GvQF0gL4YEAAUPpNeLeGpFDxMvvIHLMd7vk9bpwko=
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce/go.mod h1:HXgVzOPvXhVGLJs4ZKO817idqr/xhwsTcj17CLYY74s=
github.com/aquasecurity/go-mock-aws v0.0.0-20230328195059-5bf52338aec3 h1:Vt9y1gZS5JGY3tsL9zc++Cg4ofX51CG7PaMyC5SXWPg=
Expand Down Expand Up @@ -1814,8 +1814,8 @@ golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4
golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
Expand Down Expand Up @@ -1928,8 +1928,8 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14=
golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
Expand Down Expand Up @@ -2108,17 +2108,17 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c=
golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0=
golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
Expand All @@ -2133,8 +2133,8 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
Expand Down
6 changes: 6 additions & 0 deletions goreleaser.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,8 @@ builds:
goos:
- linux
goarch:
- 386
- arm
- amd64
- arm64
- s390x
Expand All @@ -31,6 +33,7 @@ builds:
- freebsd
goarch:
# modernc.org/sqlite doesn't support freebsd/arm64, etc.
- 386
- amd64
- id: build-macos
main: cmd/trivy/main.go
Expand Down Expand Up @@ -60,6 +63,7 @@ builds:
goos:
- windows
goarch:
# modernc.org/sqlite doesn't support windows/386 and windows/arm, etc.
- amd64
goarm:
- 7
Expand Down Expand Up @@ -88,6 +92,7 @@ nfpms:
{{- else if eq .Os "dragonfly" }}DragonFlyBSD
{{- else}}{{- title .Os }}{{ end }}-
{{- if eq .Arch "amd64" }}64bit
{{- else if eq .Arch "386" }}32bit
{{- else if eq .Arch "arm" }}ARM
{{- else if eq .Arch "arm64" }}ARM64
{{- else if eq .Arch "ppc64le" }}PPC64LE
Expand All @@ -112,6 +117,7 @@ archives:
{{- else if eq .Os "dragonfly" }}DragonFlyBSD
{{- else}}{{- .Os }}{{ end }}-
{{- if eq .Arch "amd64" }}64bit
{{- else if eq .Arch "386" }}32bit
{{- else if eq .Arch "arm" }}ARM
{{- else if eq .Arch "arm64" }}ARM64
{{- else if eq .Arch "ppc64le" }}PPC64LE
Expand Down
56 changes: 49 additions & 7 deletions integration/testdata/conan.json.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,21 +25,39 @@
"Name": "bzip2",
"Version": "1.0.8",
"Indirect": true,
"Layer": {}
"Layer": {},
"Locations": [
{
"StartLine": 37,
"EndLine": 43
}
]
},
{
"ID": "expat/2.4.8",
"Name": "expat",
"Version": "2.4.8",
"Indirect": true,
"Layer": {}
"Layer": {},
"Locations": [
{
"StartLine": 51,
"EndLine": 57
}
]
},
{
"ID": "openssl/1.1.1q",
"Name": "openssl",
"Version": "1.1.1q",
"Indirect": true,
"Layer": {}
"Layer": {},
"Locations": [
{
"StartLine": 65,
"EndLine": 71
}
]
},
{
"ID": "pcre/8.43",
Expand All @@ -50,7 +68,13 @@
"bzip2/1.0.8",
"zlib/1.2.12"
],
"Layer": {}
"Layer": {},
"Locations": [
{
"StartLine": 26,
"EndLine": 36
}
]
},
{
"ID": "poco/1.9.4",
Expand All @@ -63,21 +87,39 @@
"sqlite3/3.39.2",
"openssl/1.1.1q"
],
"Layer": {}
"Layer": {},
"Locations": [
{
"StartLine": 12,
"EndLine": 25
}
]
},
{
"ID": "sqlite3/3.39.2",
"Name": "sqlite3",
"Version": "3.39.2",
"Indirect": true,
"Layer": {}
"Layer": {},
"Locations": [
{
"StartLine": 58,
"EndLine": 64
}
]
},
{
"ID": "zlib/1.2.12",
"Name": "zlib",
"Version": "1.2.12",
"Indirect": true,
"Layer": {}
"Layer": {},
"Locations": [
{
"StartLine": 44,
"EndLine": 50
}
]
}
],
"Vulnerabilities": [
Expand Down
12 changes: 12 additions & 0 deletions pkg/fanal/analyzer/language/c/conan/conan_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,12 +35,24 @@ func Test_conanLockAnalyzer_Analyze(t *testing.T) {
DependsOn: []string{
"zlib/1.2.12",
},
Locations: []types.Location{
{
StartLine: 12,
EndLine: 21,
},
},
},
{
ID: "zlib/1.2.12",
Name: "zlib",
Version: "1.2.12",
Indirect: true,
Locations: []types.Location{
{
StartLine: 22,
EndLine: 28,
},
},
},
},
},
Expand Down

0 comments on commit 79a64d0

Please sign in to comment.